Ralf Hacker Channel
SEC 506.1-506.3 (2020): Securing Linux pt1-3

#sans #course #linux #defence #blueteam #pentest
SEC 506.4-506.5 (2020): Securing Linux pt 4,5

#sans #course #linux #defence #blueteam #pentest
SEC 506.6 (2020): Securing Linux pt 6

#sans #course #linux #defence #blueteam #pentest
CVE-2024-48990: Linux LPE via needrestart

PATCHED: Nov 19, 2024

PoC: https://github.com/makuga01/CVE-2024-48990-PoC

Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

P.S. Although the privesc requires waiting for needrestart to run (it starts, for example, during apt upgrade), the patch is only three days old and has not yet been added to all Debian repos :)

#exploit #pentest #redteam #lpe #linux
CVE-2025-32463: sudo 1.9.14-1.9.17 LPE

Blog + exploit: https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Patched: June 28, 2025

#lpe #linux #pentest #redteam
Forwarded from APT
DirtyClone — CVE-2026-43503

A Linux kernel local privilege escalation and page-cache write. DirtyClone is the fourth public member of the DirtyPipe / DirtyFrag family: it forces the kernel to run an in-place ESP (IPsec) decrypt over a file-backed page-cache page the attacker only has read access to, mutating that page in RAM. With the AES-CBC key/IV chosen so the decrypt writes attacker-controlled bytes, /usr/bin/su is rewritten with a tiny setuid(0)+execve("/bin/sh") ELF and invoking it yields root.

🔗 Research:
https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/

🔗 Exploit:
https://github.com/rafaeldtinoco/security/tree/main/exploits/dirtyclone

#linux #lpe #kernel #dirty